Privacy Policy – your Personal Data

Privacy Policy

We, The Right Fuelcard Company (‘RFC’), respect your privacy and are committed to protecting your personal data. This privacy policy (‘Policy’) will let you know how we process your data when you visit our website, purchase a product or subscribe to our services (altogether ‘Services’). Please read it carefully before using our Services. We may, freely and without notice, update this Policy for compliance to the applicable laws or to our activity. Please make sure to consult it regularly.

The terms below shall have the following meaning when used in this Policy:

Cookie Policy Our Website cookie policy, available here
DPO Data Protection Officer
EEA European Economic Area
EU European Union
GDPR General Data Protection Regulation of the EU n°2016/679
Group Edenred group to which RFC belongs
RFC The Right Fuelcard Company including its affiliates and subsidiaries
Terms and Conditions Our online terms and conditions in their latest published version available here
we, us, our RFC
UK The United Kingdom
UK GDPR The Data Protection, Privacy and Electronic Communication Act integrating the Data Protection Act 2018 and the GDPR as negotiated as part of the EU and the UK
Website https://www.befuelcards.co.uk/

In this Policy, the terms ‘Commission’, ‘cross-border transfer’ ‘data breach’, ‘(data) controller’, ‘(data) processor’, ‘data subject’, ‘(personal) data’, ‘processing’, ‘supervisory authority’ shall have the meaning attributed under GDPR and UK GDPR.

Who are we?

RFC acts as data controller for your personal and has appointed a DPO, who can be contacted at:

The Right Fuelcard Company
DPO
One The Embankment, Neville Street, Leeds, LS1 4DW

data@rightfuelcard.co.uk  or via this form

What data do we process, why and on which legal basis?

We only collect the following personal data of professional nature (as our Services are solely intended for businesses):

 

 

Purpose Type of data Legal basis
To apply for fuelcards 
  • Contact person full name
  • Contacts (telephone, email)
  • Company details (trading name, type, registration number, address)
  • Fleet information (vehicles number by fuel type, BP fuelcards type estimated monthly spend)
 Performance of a contract (our Terms and Conditions)
For fraud prevention and risk control
  • Proof of identity and address
  • Company printouts
  • Company banking details
  • Creditworthiness (balance sheets, credit check)
  • Debts recovery tracing
 Our legitimate interests (to control our financial risks)
For payment collection
  • Identity
  • Contact
  • Company banking details
  • Transaction details (drawings)
  • Company information
 Performance of a contract (our Terms and Conditions)
To provide you with necessary information (i.e. about policies or legal changes)
  • Identity
  • Contact
  • Customer profile (active/inactive)
 Performance of our legal or contractual obligation (to inform you)
For review and survey
  • Name or full name (as provided by you)
  • Contact
  • Review or feedback message content
 Our legitimate interests (to improve our services and offers and customers experience)
To partake in a prize draw or competition
  • Identity
  • Contact
  • Customer profile
  • Services used
  • Transaction
  • Marketing preferences 
 Our legitimate interest (to offer you to join in)

Your consent (your marketing preferences)
For our Website administration and security
  • Digital data (credentials, IP addresses, website interactions)
  • Technical data (incidents, support requests, etc.)
 Our legitimate interests (to secure our Website and provide you with technical support)
To personalise our Website’s content and advertisements
  • Digital data (analytics, browsing, interests, IP addresses or credentials)
  • Technical data
  • Marketing preferences
 Our legitimate interests (to improve customers experience and offer you personalised content)

Your consent (see our Cookie Policy)
To improve our Website
  • Technical data
  • Website usage
 Our legitimate interests (to improve our Website)

Your consent (see our Cookie Policy)
To send you offers
  • Identity
  • Contact
  • Technical data
  • Usage data
  • Customer profile
 Our legitimate interests (to develop our business)

Your consent (opt-in, absence of opt-out or soft opt-in)
To access and manage your account
  • Credentials
  • Contact
  • Identity
  • Registration and login dates
  • Account information
  • Balance
  • Transaction data (statements history, drawings, balance)
  • Invoicing data (invoices, billing addresses)
 Performance of a contract (our Terms and Conditions)
To contact us
  • Name
  • Email
  • Telephone
  • Enquiry content
 Your consent (to this Policy)

Our legitimate interest (to address your enquiry)
To review your application
  • Email address
  • Full name
  • Application data
 Your consent (to this Policy)

 

What if you fail to provide personal data?
Please note that where we need to collect personal data by law or contract, if you fail to provide the necessary data, we will not be able to provide you with our services and products at no liability or costs for us. It is essential that you ensure that your personal data is accurate and current. Please keep us informed of any change clicking

How is your personal data collected?
We use different methods to collect data from and about you including through:

  • Direct interactions (e.g. when you apply for our Services, subscribe to marketing communications, etc.); Automated technologies or interactions (e.g. when you interact with our Website)
  • Third parties or publicly available sources (e.g. financial data from providers, identity data from Company House)  

How can you opt out from marketing communications?
You can opt-out from marketing messages at any time by:

  • clicking to update your marketing preferences; or
  • following the unsubscribe links on any marketing message you receive; or
  • contacting us at any time.

What about cookies?
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this website may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookie Policy.

Who are the recipients of your data?
We may need to share your data internally (to affiliates and subsidiaries as well as with other entities of the Group) and externally (to third parties) with our providers and partners:

  • for printing and mailing;
  • for email services: with emailing tools;
  • for website maintenance: with our webmaster and similar providers;
  • for website tracking and analytics: with analytics tools such as Google Analytics;
  • for surveys and feedbacks: with survey and feedback providers such as Trustpilot or Medallia;
  • for external counsel: with our legal firms;
  • for credit check, fraud prevention and cash collection: with credit reference agencies which may also share information about your settled accounts and late payments with other organisations. For more information, click here.

Our providers and partners are required to process your data solely for the purposes indicated and according to our instructions and all applicable data protection laws and to implement all necessary security measures to protect your personal data.   

Some of our partners and providers may be located within or outside the UK or EEA (e.g. in the United-States). Additionally, RFC is part of an international Group with entities located outside the EEA, which may have access to your data while conducting business. No transfer of your personal data is conducted without the appropriate applicable safeguards (like the Commission Standard Contractual Clauses).

What data security have we implemented?
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, altered, disclosed, used or accessed in an unauthorised way. Only recipients with a need-to-know (according to the above-mentioned purposes) may access your data and are subject to confidentiality undertakings.

How long is your data retained for?
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for and according to applicable legal or regulatory prescriptions:=

Data category Retention period
For data relating to customers For the time of the contractual relationship (active base) and up to 10 years afterwards (archive with restricted access)
For data relating to prospects Up to three years since last contact (active base)

We may retain data for a longer period but only in an anonymised format for statistical purposes.

What are your rights and how to exercise them?
You have a right to access, rectification, erasure, portability of your personal data as well as a right to restrict or object a data processing, a right not to be subject to automated decision-making and be notified in case of a data breach and a right to lodge a complaint to the competent supervisory authority. Please note however that each request will be subject to prior analysis as to its legitimacy and to prior identity verification for which we may require you to provide a proof of identity. We may also require you to precise your request and provide complementary information. To exercise your rights, click here or contact our DPO at data@rightfuelcard.co.uk. To inform us about a change of address, please click For any other request, click on ‘Contact’.