Privacy Notice for SPSV Licensing
This Privacy Notice is issued by the National Transport Authority of Dún Scéine, Harcourt Lane, Dublin 2 (“NTA”, “we”, “us”, “our”).
We are the national licensing authority for small public service vehicles (“SPSV”) and dispatch operators who take bookings for SPSV services. We maintain a register of all licences (each a “SPSV Licence”), including those granted by An Garda Síochána as the licensing authority for SPSV drivers (the “Register”). We monitor the operation of each SPSV Licence and enforce all aspects of the current SPSV Regulatory Framework for all SPSV services. We also operate the SPSV Driver Entry Test, distribute SPSV Driver Identification Cards and administer SPSV Grant Schemes.
The purpose of this notice is to inform you of the data relating to you that we will collect and use in connection with SPSV Licences, the SPSV Driver Entry Tests and any SPSV Grant Scheme and the uses (including disclosures to third parties) we will make of such data.
If you have any questions about our use of your personal data, you can contact our Data Protection Officer at firstname.lastname@example.org.
Personal Data that We Collect from You
We will collect and process personal data relating to you in connection with your SPSV Licence and our relationship with you. This personal data may include:
• your name and contact details, including your address, phone number and email address;
• your driving licence;
• photographic identification, including photographs for display on SPSV driver display cards, the Public Register and the Driver Check app;
• the unique identifier assigned to you or your SPSV Licence;
• your PPSN or company tax reference number;
• information about your vehicle that is licensed, or proposed to be licensed, as a SPSV (including images taken at inspection);
• information entered in any correspondence you submit in connection with a SPSV Licence;
• evidence that you have passed a SPSV Driver Entry Test;
• your tax clearance status;
• your National Car Test (NCT) issue date;
• evidence of your insurance;
• communications to and from you (including telephone calls);
• your debit/credit or bank account details (these are not retained);
• any other personal data relating to you that you provide to us or that we generate about you in connection with your SPSV Licence or your application for any Grant Scheme.
Personal Data that We Collect from Other Sources
We collect and process personal data relating to you in connection with your SPSV Licence from public authorities and bodies, including, for example, your NCT issue date from the Driver and Vehicle Computer Services Division, your tax clearance status from the Office of the Revenue Commissioners and your taximeter verification status from the National Standards Authority of Ireland. We collect and process personal data, including name, photograph and contact details from An Garda Síochána for SPSV driver licence holders.
Purposes of Processing and Legal Basis
We will use personal data relating to you for the purposes of:
• processing your application for a SPSV Licence;
• providing you with a SPSV Licence and your SPSV Driver Identification Cards;
• facilitating your use of your SPSV Licence in accordance with our contract with you and/or our legal obligations;
• managing your SPSV Licence;
• providing you with necessary information and updates about SPSV Licences;
• providing you with customer support, including our SPSV Industry Information Line and contact forms;
• maintaining the register of SPSV licences
• developing, operating and maintaining a regulatory framework for the licensing and regulation of the standards to be applied to SPSVs
• operating the public complaints procedure;
• operating the compliance and enforcement function;
• carrying out research and customer satisfaction surveys;
• generating and analysing statistics regarding SPSV licensing. Wherever possible, personal data will be anonymised before being used for this purpose;
• fraud prevention, investigation and detection;
• establishing, exercising or defending legal claims;
• performing our functions as a public authority and complying with our legal obligations.
The legal bases on which we process your personal data are:
• that this is necessary for the performance of our contract with you governing your voluntary commitment to a SPSV Driver Entry Test, SPSV Licence or in relation to any grant scheme;
• that this is necessary for the performance of tasks that we carry out in the public interest or in the exercise of official authority vested in us by law; and
• that this is necessary for compliance with the legal obligations applying to us.
Requirement to Provide Data
You are not under a statutory or contractual obligation to provide us with any personal data. However, where you volunteer to provide a public service for reward, SPSV Licences are required by statute. There are some pieces of information that you must provide to us so that we can process your application for a SPSV licence. If you do not provide the required information, we shall not be in a position to issue a SPSV licence.
Safeguards Adopted in relation to Processing
We use a variety of procedures and security measures and technologies to protect your personal information against unauthorised access, use or disclosure.
Only staff members who are suitably authorised can access your personal information where that information is relevant to the performance of their duties in accordance with legal or regulatory obligations. This includes staff working for third parties under contract to us.
We use internal technical and organisational measures to protect your personal information from unauthorised access, to maintain data accuracy and to help ensure the appropriate use of your personal information.
These security measures include encryption of your personal information, firewalls, intrusion detection systems, 24/7 physical protection of facilities where your personal information is stored, checks for personnel that access physical facilities, and strong security procedures across all operations.
Recipients of Data
We will disclose your personal data to other organisations in connection with the above purposes, including:
• to the Office of the Revenue Commissioners, the Driver and Vehicle Computer Services Division of the Department of Transport Tourism and Sport, National Standards Authority of Ireland Legal Metrology Services and the Department of Social Protection, where required or permitted by law;
• to third parties who we engage to provide services to us in connection with the granting and operation of SPSV Licences, such as outsourced service providers, IT services providers, professional advisers and auditors;
• to other public authorities and bodies where required or permitted by law, such as An Garda Síochána or other law enforcement authorities for the purposes of licensing and the prevention, investigation or detection of crime. This includes the sharing of SPSV data with via the Online Register;
• to members of the public, where permitted or required by law. This includes the sharing of SPSV data with the public, via the Public Register, SPSV Online Services (driver links and vehicle rentals) and Driver Check app;
• to SPSV licence holders, where permitted or required by law. This includes the sharing of SPSV data via SPSV Online Services to enable the creation of driver links and vehicle rentals.
NTA does not sell or hire your personal information to third parties for their own use or for marketing purposes.
• We will not hold your personal data for longer than is necessary. We retain your personal data for as long as we need it for the purposes described in this Notice, or to comply with our obligations under applicable law and, if relevant, to deal with any claim or dispute that might arise.
• Information on a SPSV Licence is held for six years after the date of expiry of the SPSV Licence.
• Information in relation to a SPSV Driver Entry Test is held until such a time as the SPSV Licence is granted, or if longer, for five years after the date of a successful SPSV Driver Test. Unsuccessful test data is retained for two years. Information received via the SPSV Industry Information Line is held for up to one year.
• Information received in upheld complaints or enforcement activities relating to the holder of a SPSV Licence is held for six years after the date of expiry of the SPSV Licence. Information received in conviction cases is held for seven years after the date of expiry of the SPSV Licence. Those matters which are not upheld are not retained against a licence.
• Search logs created by the Driver Check app and captured by our systems are deleted after 30 days.
• Search logs created by the Public and Online Registers and captured by our systems are deleted after 6 months.
• We do not record or keep card payment information.
Automated Decision Making
In certain circumstances, the application process for a SPSV Licence may be subject to automated conclusions, for example where a SPSV Licence requirement is based on a “matter of fact set out in law” such as the age or the NCT status of the vehicle or the tax status of an owner. Such conclusions are automated by the NTA using direct digital reference to other Government data.
If your SPSV Licence application is rejected through automated processing we will always send you the reason in plain English. If you believe the reason to be wrong, you need to contact the relevant Government agency to have your details corrected directly with them, i.e. Revenue Commissioners for tax matters, the National Vehicle and Driver File for vehicle matters and National Standards Authority of Ireland for taximeter matters. If your SPSV Licence application was rejected because we need you to provide further information to us we will explain exactly what we need and you can then re-submit your application accordingly.
You always have the right to object or appeal an application decision by contacting us at either of the following:
• Post: Dún Scéine, Harcourt Lane, Dublin 2, D02 WT20
• Contact Us
• Phone: 761 064 000
You have the following rights, in certain circumstances and subject to certain restrictions, in relation to your personal data:
• the right to access your personal data;
• the right to request the rectification and/or erasure of your personal data;
• the right to restrict the use of your personal data;
• the right to object to the processing of your personal data; and
• the right to receive your personal data, which you provided to us, in a structured, commonly used and machine-readable format or to require us to transmit that data to another controller.
If you wish to exercise any of the rights set out above, please contact us at email@example.com.
We will occasionally update this policy. We encourage you to periodically review licence communications and our website for the latest information on our privacy practices.
If you are not happy with the way we are using your personal data or how we facilitate your rights or comply with our obligations under applicable data protection law, you have the right to make a complaint to the Data Protection Commission by emailing firstname.lastname@example.org.