Data Protection Policy

Introduction

Skyfleet Ltd is committed to protecting the privacy and security of personal data. We comply with the UK General Data Protection Regulation (UK GDPR), the Data Protection Act 2018, and the Privacy and Electronic Communications Regulations (PECR). This policy explains how we collect, use, store and protect personal information.

Our Responsibilities

Skyfleet Ltd is the Data Controller for the personal data we process. We decide how and why data is used. We are registered with the Information Commissioner’s Office (ICO), registration number Z5828790.

The Data We Collect

We may collect personal data including: names, addresses, email addresses, phone numbers, date of birth, identification documents, bank details (for identity checks), employment information, business details and any information required to assess finance applications.

Lawful Bases for Processing

We only process personal data when we have a lawful reason. Under UK GDPR, this includes:

1)  Contract – to arrange vehicle finance or provide services.

2)  Legal obligation – to comply with FCA or anti‑money laundering requirements.

3)  Legitimate interests – to operate our business and prevent fraud.

4)  Consent – for marketing communications.

UK GDPR Data Protection Principles

We follow the six principles of UK GDPR. Personal data must be:

1)  Used lawfully, fairly and transparently.

2)  Collected for specific purposes.

3)  Limited to what is necessary.

4)  Accurate and kept up to date.

5)  Kept only as long as necessary.

6)  Kept secure.

We are also responsible for demonstrating compliance with these principles.

Your Data Rights

Under UK GDPR you have the right to:

1)  Access your data.

2)  Have inaccurate data corrected.

3)  Have data deleted (in some cases).

4)  Restrict processing.

5)  Object to processing or marketing.

6)  Request data transfer to another provider.

7)  Not be subject to solely automated decisions.

Requests will be completed within one month and are free of charge.

Subject Access Requests (SARs)

If you want to see the information we hold about you, you can email [email protected]. We will ask for proof of identity and respond within one month. We will not charge a fee unless the request is excessive.

How We Use Your Data

We use personal data to:

1)  Provide quotations.

2)  Process finance applications.

3)  Verify identity and prevent fraud.

4)  Administer contracts.

5)  Manage customer relationships.

6)  Meet FCA and legal requirements.

7)  Provide updates and customer service.

8)  Send marketing where consent has been given.

Marketing and Communications

We only send marketing emails or messages when you have given consent or where allowed under PECR. You can withdraw consent at any time by emailing [email protected].

Data Sharing

We may share personal data with:

1)  Finance lenders.

2)  Vehicle suppliers and delivery agents.

3)  Identity and credit-check partners.

4)  Regulators such as the FCA or ICO.

5)  Fraud‑prevention agencies.

We only share the minimum data required and never sell personal data.

International Transfers

We normally store data in the UK. If data must be processed outside the UK, we ensure appropriate safeguards such as ICO‑approved International Data Transfer Agreements (IDTAs) or UK Addendums.

Data Security

We use strong passwords, encryption, firewalls, secure servers and restricted access to protect data. Paper documents are stored securely and shredded when no longer required. Electronic data is backed up and protected by authorised software. Data must not be stored on personal devices unless authorised.

Data Retention

We keep personal data only as long as needed. Typically:

1)  Finance application data: up to 7 years.

2)  Customer records: duration of contract + 6 years.

3)  Marketing consent records: until consent is withdrawn.

After this time, data is securely deleted or anonymised.

Data Breaches

Staff Responsibilities

All staff must follow this policy, keep data secure, report suspected breaches, and complete training. Staff must not share data informally or with anyone who is not authorised.

Third‑Party Processors

Any suppliers that handle personal data on our behalf must meet UK GDPR standards. Contracts with third parties include data‑processing terms and are reviewed regularly.

Cookies and Website Privacy

Our website may use cookies to improve user experience. Visitors can manage cookie settings at any time. Our website Privacy Notice explains this in more detail.

Data Protection Officer

The Data Protection Officer (DPO) is Toby Mileham. He is responsible for monitoring compliance, handling data requests and reviewing policies. Email: [email protected]

Company Information

Skyfleet Ltd, Capital House, Units 3‑4 High House Business Park, Kenardington, Kent, TN26 2LF. Phone: 01233 730260. FCA Reference Number: 669102.

(V8 – 05/01/2026)